It has yet to be disclosed which company made this big mistake, but who it is matters less than what they did.
Ransomware attacks date back to the late 1980s. Since then, the tactics and techniques have drastically changed. Threat actors and groups are more powerful in terms of the effects left on organizations and businesses.
Ransomware attacks have shifted from exploiting the ‘availability’ element to exploiting the ‘confidentiality’ element. This means threat actors once focused only on locking users out of their data by encrypting it, but now their focus is publishing victims’ information to the public. This is more widely known as double extortion. As a result, ransomware attacks are more serious than ever before. When confidential data is exposed, there is then an even bigger problem.
Usually when victims contact the National Cyber Security Centre (NCSC), like this company did, their only concern is getting their business operational again. But there is more to the story. Even though this company paid their attackers to get their data back, they still didn’t stop the bleeding. They failed to consider crucial elements: the threat actors could have had backdoor access to the network or administrator privileges, or could easily have re-deployed the ransomware, which caused them to be targeted again. Unfortunately, threat actors did compromise their environment and they paid the ransom a second time. The proper steps need to be taken, the critical questions need to be asked, and the right people need to be involved before action is taken.
It seems this particular company did not have anyone investigate what had happened to their network. When SpearTip engineers encounter an incident, they immediately go to work in finding the source with thorough investigation to ensure these attacks are not repeated and threat actor access is instantly restricted. If SpearTip’s engineers are watching continuously for threats, your environment won’t encounter an attack like this, let alone a second one.
Organizations should consider continuously monitoring their environment 24/7/365, because it is more than having a tool in place. It is about human intelligence and expertise. When a cybersecurity firm like SpearTip has their proprietary tool, ShadowSpear®, and a Security Operations Center (SOC) working for you in conjunction, there is a powerful force defending your environment.
Now, especially this year, is not the time to think your organization is immune to this type of attack. Every organization, every industry, every business is a target. Don’t be naive to the live circumstances. With help and guidance from cybersecurity professionals, you can get your organization’s cybersecurity risk profile in check. It is easy to engage with a cybersecurity firm to perform a risk assessment, a pre-breach scenario, or a tabletop exercise to avoid a business disruption, a ruined brand reputation, or headline news.
Together, a cybersecurity firm and an organization can change the industry and motivation of threat actors. The more pressure put on threat actors when ransom demands are not paid, the less motivated they will be to compromise an environment.
If, for whatever reason, your organization does fall victim to a ransomware attack, SpearTip’s team of cybersecurity professionals focuses on getting your business back up and running. Our teams take back your network and immediately begin recovery of crucial assets needed to operate. If a ransom is demanded, we do everything we can to avoid paying. If paying a threat actor is required for the safety of your data, we will take over all negotiations and communication to ensure the keys we obtain are correct before exchanging currency.
SpearTip has the services and resources you need to not be like this company. It isn’t worth having your company dismantled. You can use our endpoint detection and response tool, ShadowSpear®, in addition to our certified cybersecurity engineers working in our US-based SOC.